
SONAR-8716 fix check of permissions in api/user/change_password

tags/6.3-RC1
Simon Brandhof 7 лет назад
Родитель
Сommit
fc3f8a9386

+ 1
- 1
server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java

@@ -85,7 +85,7 @@ public class ChangePasswordAction implements UsersWsAction {
String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD);
checkCurrentPassword(dbSession, login, previousPassword);
} else {
userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
userSession.checkIsRoot();
}

String password = request.mandatoryParam(PARAM_PASSWORD);
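Review bot: The `else` branch is the only authorization gate for changing another account's password, and nothing in the code says why root is required or that the previous password is verified only in the self-service branch above it. Reading `userSession.checkIsRoot();` as the new side (the rendered page lost its +/- markers, but the test file in this commit drops the `GlobalPermissions` import), I would add above it `// Changing another user's password is restricted to root; the global SYSTEM_ADMIN permission is not sufficient.`. The `if` condition that selects between the two branches starts outside the hunk, so it is worth confirming there that an anonymous session can never be treated as the target login. If the web-service description states the required permission, it should be updated to match.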

+ 3
- 3
server/sonar-server/src/test/java/org/sonar/server/ce/ws/CancelActionTest.java

@@ -44,7 +44,7 @@ public class CancelActionTest {

@Test
public void cancel_pending_task() {
userSession.login().setRoot();
userSession.logIn().setRoot();

tester.newRequest()
.setParam("id", "T1")
@@ -55,7 +55,7 @@ public class CancelActionTest {

@Test
public void throw_IllegalArgumentException_if_missing_id() {
userSession.login().setRoot();
userSession.logIn().setRoot();

expectedException.expect(IllegalArgumentException.class);
expectedException.expectMessage("The 'id' parameter is missing");
@@ -67,7 +67,7 @@ public class CancelActionTest {

@Test
public void throw_ForbiddenException_if_not_root() {
userSession.login().setNonRoot();
userSession.logIn().setNonRoot();

expectedException.expect(ForbiddenException.class);
expectedException.expectMessage("Insufficient privileges");

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/ce/ws/CancelAllActionTest.java

@@ -45,7 +45,7 @@ public class CancelAllActionTest {

@Test
public void cancel_all_pending_tasks() {
userSession.login().setRoot();
userSession.logIn().setRoot();

call();

@@ -54,7 +54,7 @@ public class CancelAllActionTest {

@Test
public void throw_ForbiddenException_if_not_root() {
userSession.login().setNonRoot();
userSession.logIn().setNonRoot();

expectedException.expect(ForbiddenException.class);
expectedException.expectMessage("Insufficient privileges");

+ 2
- 2
server/sonar-server/src/test/java/org/sonar/server/computation/queue/ReportSubmitterTest.java

@@ -98,7 +98,7 @@ public class ReportSubmitterTest {

@Test
public void submit_fails_with_organizationKey_does_not_match_organization_of_specified_component() {
userSession.login().setRoot();
userSession.logIn().setRoot();
OrganizationDto organization = db.organizations().insert();
ComponentDto project = db.components().insertProject(organization);
mockSuccessfulPrepareSubmitCall();
@@ -109,7 +109,7 @@ public class ReportSubmitterTest {
@Test
public void submit_a_report_on_existing_project() {
ComponentDto project = db.components().insertProject(db.getDefaultOrganization());
userSession.login().addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());
userSession.logIn().addProjectUuidPermissions(SCAN_EXECUTION, project.uuid());

mockSuccessfulPrepareSubmitCall();


+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/debt/DebtModelBackupTest.java

@@ -97,7 +97,7 @@ public class DebtModelBackupTest {

@Before
public void setUp() {
userSessionRule.login().setRoot();
userSessionRule.logIn().setRoot();

when(system2.now()).thenReturn(now.getTime());


+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/qualitygate/QualityGatesTest.java

@@ -95,7 +95,7 @@ public class QualityGatesTest {

underTest = new QualityGates(dbClient, metricFinder, userSession);

userSession.login().setRoot();
userSession.logIn().setRoot();
}

@Test

+ 1
- 1
server/sonar-server/src/test/java/org/sonar/server/ui/ws/ComponentActionTest.java

@@ -309,7 +309,7 @@ public class ComponentActionTest {
public void return_configuration_for_quality_profile_admin() throws Exception {
init();
componentDbTester.insertComponent(project);
userSessionRule.login()
userSessionRule.logIn()
.addProjectUuidPermissions(UserRole.USER, project.uuid())
.addOrganizationPermission(project.getOrganizationUuid(), QUALITY_PROFILE_ADMIN);


+ 9
- 4
server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java

@@ -25,7 +25,6 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.config.MapSettings;
import org.sonar.api.utils.System2;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.user.GroupTesting;
import org.sonar.server.es.EsTester;
@@ -58,7 +57,7 @@ public class ChangePasswordActionTest {
public EsTester esTester = new EsTester(new UserIndexDefinition(new MapSettings()));

@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn();

private UserUpdater userUpdater = new UserUpdater(mock(NewUserNotifier.class), new MapSettings(), db.getDbClient(),
new UserIndexer(System2.INSTANCE, db.getDbClient(), esTester.client()), System2.INSTANCE, TestDefaultOrganizationProvider.from(db));
@@ -83,7 +82,10 @@ public class ChangePasswordActionTest {

@Test
public void fail_on_unknown_user() throws Exception {
userSessionRule.logIn().setRoot();

expectedException.expect(NotFoundException.class);

tester.newPostRequest("api/users", "change_password")
.setParam("login", "polop")
.setParam("password", "polop")
@@ -91,7 +93,8 @@ public class ChangePasswordActionTest {
}

@Test
public void update_password() throws Exception {
public void root_can_update_password_of_user() throws Exception {
userSessionRule.logIn().setRoot();
createUser();
String originalPassword = db.getDbClient().userDao().selectOrFailByLogin(db.getSession(), "john").getCryptedPassword();

@@ -106,7 +109,7 @@ public class ChangePasswordActionTest {
}

@Test
public void update_password_on_self() throws Exception {
public void a_user_can_update_his_password() throws Exception {
createUser();
String originalPassword = db.getDbClient().userDao().selectOrFailByLogin(db.getSession(), "john").getCryptedPassword();

@@ -149,6 +152,8 @@ public class ChangePasswordActionTest {

@Test
public void fail_to_update_password_on_external_auth() throws Exception {
userSessionRule.logIn().setRoot();

userUpdater.create(NewUser.builder()
.setEmail("john@email.com")
.setLogin("john")
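Review bot: None of the visible hunks in ChangePasswordActionTest pins the denial path this commit is about, namely a logged-in caller without root who targets another login. The added `userSessionRule.logIn().setRoot();` lines cover only the allowed case, so a later change that weakens the check again may still pass these tests. Unless such a test already exists outside the hunks, I would add one that creates the user, calls `userSessionRule.logIn().setNonRoot();` and `expectedException.expect(ForbiddenException.class);`, then posts to `change_password` with a different `login`. A second variant where the caller holds `GlobalPermissions.SYSTEM_ADMIN` but is not root would document that this permission alone is no longer accepted.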
